Cyber Advisors Security Updates May 2022

Posted by Dan Sanderson on May 12, 2022 12:36:42 PM

This month is another important month for Microsoft Patch Tuesday and subscribers of our Cyber Thursday blog, with 75 vulnerabilities reported, 8 of which are considered “Critical” (RCE or LPE) vulnerabilities.

We start with 3 Zero-days, including 2 that have active exploits underway.  Do not delay getting your systems updated as several of these vulnerabilities are favorites of our Cyber Advisors penetration testers.

  • CVE-2022-26925 - Windows LSA Spoofing Vulnerability
    • Threat actors can intercept legitimate authentication requests, elevate privileges, and impersonate a Domain Controller
  • CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability
  • CVE-2022-29972 - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver [Azure Synapse and Azure Data Factory]


The other (8) 'Critical' vulnerabilities from Patch Tuesday:

  • Azure SHIR
    • Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
  • RDC
    • Remote Desktop Client Remote Code Execution Vulnerability
  • Self-hosted Integration Runtime
    • Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver


Finally, there are other notable vulnerabilities from other software, vendors, technologies that should not be ignored:

  • F5 (BIG-IP)
    • We recommend to apply updates as soon as possible
    • Allows remote attackers to execute commands as 'root' without authentication

    • Interesting note: exploitation for shell dropping has been observed; if one misconfigures the appliance to 'allow default' on SelfIP then it is also vulnerable on non-management ports

    • We recommend that you apply this fix:

  • Cisco
    • Three flaws effecting Enterprise NFVIS Software
  • SAP
    • Remote Code Executions
  • Adobe
    • Third party patching, multiple advisories
  • SonicWALL
    • Secure Mobile Access (SMA) 1000 vulnerability

Our Recommendations:

  • Test and deploy patches to Domain Controllers to mitigate the new attack vector (NTLM Relay zero-day) related to CVE-2022-26925
  • Test and deploy Microsoft patches and fixes
  • Integrate Vulnerability Scanning and Vulnerability Management on a quarterly basis
    • These threats are mitigated with the implementation of foundational security controls (such as monitoring/logging, MFA, identity access controls, etc)
    • It is imperative to understand your critical assets to gain an understanding of risk and exposure as new vulnerabilities are constantly appearing
    • Threat actors are gaining speed on exploiting these flaws
    • Security measures and controls help gain visibility of network activity, and in the event a compromise occurs, this insight supplies the means to reduce the time of exposure while assisting in removal of persistent threats from environments
    • It is not a matter of if, it is a matter of when, therefore organizations need to be prepared to respond to a threat




Topics: security, Microsoft, MSP

About this blog

Welcome to the Cyber Advisors Blog.  Please take a moment to read through our content.  If you would like more information on any of these topics, simply reach out to us via contact information below.  If you find our content valuable, please subscribe.  


Would you like to hear from us? Click Below!
Learn More

Subscribe Here!

Recent Posts

Posts by Tag

See all